
This will show you how many security vulnerabilities there are on your PC system at the application level......run it again in a week or two and you will find some more

Some more generalisations:

Security is also dependent on other factors, including:

1. The application (forum, social networking, e-mail, website etc.) What it is, what it does, how it works, & how it interacts etc.......
2. Its hosting......if the host is vulnerable it is pretty much game over.
3. Its management.......compromise the management client and you pwn the host/server.
4. User accounts. These are frequently graded and have different authority levels. For example, an administrator account on a forum can pretty much do anything.......either compromise the account or go for privilege elevation.
5. Security application at the host and client levels. For example, if I set up a forum and force an 8 character minimum password and give you 3 chances at the correct login details before locking you out for 30 minutes; a brute force crack is out of the question. On the other hand, if the client sets a weak, easily guessed password, or I keylog him, or sniff his wireless.............it is a waste of time.
6. The human factor.............social engineering still works!

And that's just the tip of the iceberg!

DISCLAIMER:

If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.

Last edited by nihil; March 27th, 2011 at 04:36 AM.

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
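
Added example, not part of the original posts: a sketch of the lockout policy from point 5 above (8-character minimum password, 3 failed logins, 30-minute lock). The class and function names are hypothetical, and the password check itself is assumed to be done elsewhere and passed in as `password_ok`.

```python
import time

MIN_PASSWORD_LEN = 8          # policy values taken from point 5 of the post
MAX_FAILURES = 3
LOCKOUT_SECONDS = 30 * 60


def password_acceptable(password: str) -> bool:
    """Registration-time check: reject passwords under the minimum length."""
    return len(password) >= MIN_PASSWORD_LEN


def max_online_guesses_per_day() -> int:
    """Upper bound on guesses against one account in 24 hours under this policy."""
    return MAX_FAILURES * (24 * 60 * 60 // LOCKOUT_SECONDS)


class LoginThrottle:
    """Hypothetical per-account lockout tracker (in-memory, single process)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock           # injectable so the lock expiry can be tested
        self._failures = {}           # username -> consecutive failed logins
        self._locked_until = {}       # username -> time at which the lock ends

    def is_locked(self, user: str) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:    # lock expired: start with a clean slate
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user: str, password_ok: bool) -> str:
        """Record one login attempt; password_ok is the verifier's result."""
        if self.is_locked(user):
            return "locked"           # even a correct password is refused
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= MAX_FAILURES:
            self._locked_until[user] = self._clock() + LOCKOUT_SECONDS
        return "denied"
```

Under these values one account can be guessed at no more than 144 times a day, so the password length matters far less than whether the password is guessable or captured on the client side.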

If you look at the bottom of a forum page you will see "powered by" eg:

For the most part you'll run into a script that has nothing to do with the forum itself but you'll retrieve everything the domain has stored. Looking for a specific script is a waste of time.

Just Google for vulnerabilities and take it from there.

That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying. Even the more high profile stuff was through pure luck. I could fart on a ouija board and find login details for crying out loud!

If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.

Never been charged. Not because I'm careful about what I've done... but because the activities in question were literally that petty and stupid. Nobody cares. There is no thrill or danger in it at all.

Man, it's been years since I've been back to AO and we STILL get these types of requests!

I understand your amazement, but I guess this is the first one I have seen in the past 2~3 years or so.

We still get the occasional weird one, but the "how do I hack the Gibson" variety have pretty much died out.

@ The-Spec:

That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying.

Given that this thread is in Newbie Security Questions, and the content of the OP's first post, that might not be a bad place to start?

Anyways, the thread was started by the OP to ask a question............not for you to preen your ego?


I found vulnerable sites purely by accident then did them in without even trying. Even the more high profile stuff was through pure luck. I could fart on a ouija board and find login details for crying out loud!

Just out of pure curiosity, do you have any amusing stories to share? Without giving exact names of sites. What would have been the most amusing "Pwn" you've stumbled onto?

Any high profile sites that you've accidentally "Hello Kitty" all over?

Internet based businesses go through a series of bubbles and bursts. For every website that shuts down a better one will crop up. But the problem is the Web 2.0 bubble went through such a long, successful haul that the likes of google, ebay, and amazon have a hold over things.

Things will go the way of the radio and television... thousands of channels all owned by three or four broadcasters with a complete lack of content. Social networks are the internet's version of game shows and reality tv.

Now we could easly "change the content" but the problem is that even web defacers have nothing to say. I myself have pretty much lost hope in some of the things I set to change on the internet. I've fallen into the "quantity over quality" style of web based intrusion... typical of kids like the OP and muslimFAGs on Zone-H.

Like nihil said, there are many ways you can go about it depending on your goal and medium of choice.

If you want to go to the path of Social Engineering, there are countless methods of achieving that... like spear phishing or doing standard recon.
Same goes if you want your attack at the application level or on the actual host.

If your question is how I would go about doing it? I would start by getting to know my target very well, as much as I possibly could.